Get All AIP encrypted files - SharePoint Online

One of the recent projects was a merger and acquisition.
Technology - M365 tenant to tenant migration
Areas of consolidation:
1. Mailboxes
2. SharePoint Online data
3. OneDrive for Business data
4. Teams data migration
5. Security and Compliance migration
The area of concern from the security and compliance side was the encrypted files within EXO, SPO, Teams and ODB.
Issue with encrypted data migration - end users will not be able to access the documents once the source tenant is decommissioned.
Solution available - ask end users to unencrypt the data before migration.
Alternate solution -
1. Decrypt the files and mails using eDiscovery - this gives the output in PST format, which is available for offline access, but the data in the source will still be encrypted. Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs
2. Use Get-AIPfileLabel and Get-AIPFileLabel, but in order to use this you must be aware of all the file paths.
Challenges -
1. We do not want end user intervention

Connect with Me

My name is Ravikaran Patel. I have 10 years of experience working on Microsoft 365. I have successfully completed multiple projects. I have hands-on experience configuring the below:
Microsoft DLP
Cloud App Security
Azure Information Protection
Azure MFA
Windows Autopilot
Windows 10 management modernization
Privileged Identity Management
Hybrid, Cutover, IMAP, PST, POP3 migration
Migration using 3rd party tool
Azure AD Connect
M365 security & compliance
Intune
SSPR, Azure Identity Protection
I offer the following services:
Consultation
Identity & Access Management
Security assessment & setup
Migration to Microsoft 365
Modern desktop management
Data protection
Onboarding to Intune
Microsoft Information Protection
Integration of apps with Azure
Enterprise Mobility (MDM + MAM)
Contact me - LinkedIn Profile

Restrict Access (View only) to org data on Windows 10 Personal device (BYOD)

One of the recent needs from a client was as follows: he has 3 types of employees working in his organization.
1. Company employees (on payroll) - company owned device
2. Outsourced consultants - accessing org data on their own payroll org's device (non client owned devices)
3. Guest users
Need -
Company employees should have full access to org data on company owned devices; however, if they access org data from their personal device it should be view only.
Consultants - they can access the data on the device but cannot save anything on the device.
Guests - they should have view only access and not be able to save anything on the device.
The above should be applicable to Email, OneDrive, SharePoint & Teams data.
Solution -
Step 1 - Enable limited access.
Step 2 - Create a conditional access policy for EXO with device and browser based conditions to apply the app restriction policy.
Step 3 - Modify the SharePoint limited access policy and add the device exception.
Step 4 - Create a policy for gu

Block users from saving data on System Drive on Intune Managed Device

Recently I delivered a project for an Intune deployment and came across the following requirement: end users should not be able to save data locally on the C or D drive; instead they should be allowed to save data only in OneDrive for Business (synced with the system).
Based on the requirement I did my research and found the following:
It is possible to control the local system settings on an Azure AD joined machine managed by Intune.
There is no option to define exceptions in policies to allow data saving in certain folders.
Now most of us will think the WIP (Windows Information Protection) policy will help us protect the data on the device; however, that's not completely true, as:
User can change the file ownership to personal if the WIP policy is set to Allow Override.
User can save the file locally on the system.
User will not be able to copy the data from a work file to a personal file if the policy is set to Allow Override.
Unenlightened apps cannot differentiate between personal and corporate data.

Recover Deleted items in Exchange online (Microsoft office 365)

In Exchange Online we have 3 layers of recovery so that messages can be recovered:
Deleted Items folder
Recover Deleted Items folder
Purges folder
Deleted Items folder
When a mail is deleted (normal delete, not Shift+Delete) it is moved to the Deleted Items folder and stays there until either we manually delete the messages from there or it is deleted automatically as per the retention policy of the organization (default value is 30 days).
Recover Deleted Items folder
When a mail is shift deleted (hard deleted), or deleted from Deleted Items, or removed from Deleted Items by the retention policy, it is moved to the Recover Deleted Items folder and it remains there for the next 14 days (can be extended to 30 days).
There are 2 folders under Recover Deleted Items:
Deleted folder (this is not the normal Deleted Items folder in the mailbox)
Purges folder
When the mail is present in Recover Deleted Items (Deleted folder) i

Error - QuarantinedAttributeValueMustBeUnique

Case history:
1. Client already had users created in Office 365.
2. Client wanted to set up SSO for Office 365 users.
Approach for requirement fulfilment:
1. Deployed and configured Azure AD Connect.
95% of users were synced and the soft match was successfully done.
5% of users were getting the error QuarantinedAttributeValueMustBeUnique (to view the sync issues - ).
When we checked, 2 users were found under Active users:
1. One in cloud (this was created earlier / already existed) with active licenses and mailbox.
2. One unlicensed, synced with AD.
Solution -
1. Delete the unwanted user in Azure or AD as per this document.
But if we delete the user in Azure we will lose

Error - AttributeValueMustBeUnique in Azure AD connect sync

My customer had already created accounts in Office 365 and was managing them in Azure; however, due to some changes in the business they wanted to sync AD with Azure to sync passwords and manage identity from AD.
Solution - Deploy Azure AD Connect on the ADDC, and after that it will do a soft match. However, there were errors with some users: their identities did not sync and their status still reflected as Azure AD.
Error -
Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses;].  Correct or remove the duplicate values in your local directory.  Please refer to for more information on identifying objects with duplicate attribute values. Tracking Id: b8367c95-ae67-46e1-xxxx-xxxxxxxxxx ExtraErrorDetails: [{"Key":"ObjectId","Value":["cd088468-bb6a-4

Analyze Office 365 Message headers

How to get the message headers?
From Outlook:
i. Double click on the mail (this will open the mail in a new window).
ii. Go to the File option in the toolbar.
iii. File > Info > Properties. In the new pop-up window copy all the contents available under the “Internet Header” option.
From OWA:
a. Open the mail.
b. Click on the dropdown option available under the “Reply all” option.
c. Under the dropdown options select “Message Properties”.
Once you have the message headers, search for “EXRCA” on the Internet or open . Once the Microsoft remote connectivity site is opened, select the option “Message Analyzer”. Paste the copied/saved header under “Insert the message header you would like to analyze” and click on Analyze. You will see the results in the below order.
· Summary will give the overview of the mail like
  o Subject
  o From, To, etc.
·